Medium severity6.1NVD Advisory· Published Sep 3, 2020· Updated Jun 17, 2026
CVE-2020-13972
CVE-2020-13972
Description
Enghouse Web Chat 6.2.284.34 allows XSS. When one enters their own domain name in the WebServiceLocation parameter, the response from the POST request is displayed, and any JavaScript returned from the external server is executed in the browser. This is related to CVE-2019-16951.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Enghouse/Web Chatdescription
Patches
Vulnerability mechanics
References
1- burninatorsec.blogspot.com/2020/09/cve-2020-13972-xss-via-ssrf-in.htmlnvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.